Answer the question
In order to leave comments, you need to log in
Access/refresh token on microservice?
Hello everyone, the answer to the question is interesting: If the service that is responsible for the access / refresh token falls on the microservice, then what to do if the service fails, and how correct it is ( access / refresh token ) to be kept as a separate service
Answer the question
In order to leave comments, you need to log in
In fact, it is a common practice to separate the authorization and authentication service into a separate microservice. For example, OpenID is exactly what it was intended to be.
If the service goes down, then you have two potential problems: clients will not be able to receive new tokens, and api services will not be able to validate tokens from clients. You can't get rid of the first problem. And the second can be solved using JWT tokens, thanks to the presence of a signature, api services can validate the token on their own without contacting the authorization service.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question